Why Are DNA Sites Bad? | Digital Privacy Issues

picture of a DNA puzzle to accompany article about whether or not dna websites are bad Are DNA sites Bad? If so, why?

I hear the question often, but the answer isn’t straightforward — because it depends on your approach to privacy. But I get it; you want the facts! So, let’s dive into the story of a recent DNA website breach. It’ll shine some light — from a digital privacy angle — on what can go wrong and why DNA sites may be a bad move.

Major Data Breach at Popular DNA Site

Remember a couple of years back when amateur true-crime enthusiasts helped police crack the Golden State Killer case using data from a DNA-matching website? The name of the site they used is GEDmatch, and it recently suffered a notable data breach.

GEDmatch.com v. 23andme.com

Dissimilar to mainstream commercial sites, like ancestry.com or 23andme.com, GEDmatch is for genealogy super-fans — the folks who can trace their ancestors back to Attila the Hun or Alfred the Great. GEDmatch users are passionate about chromosomes and what they can sometimes reveal.

The main difference between GED and other DNA platforms is users’ ability to upload genetic data processed elsewhere, making it very attractive to detectives. So much so that GEDmatch conspicuously alerts users about law enforcement’s presence on the platform. Plus, account holders can opt out of police searches, a privilege of which about 1,000,000 subscribers exercise.

The Hacking Incident

A few weeks ago, GEDmatch users logged in and discovered hundreds of new matches listed in their profiles — a genealogist’s dream! But a quick perusal of the fresh bounty revealed something was askew. Not only was the volume of new contacts unlikely, but some of the genetic profiles seemed implausible.

And then the other foot dropped. Users who’d opted out of the law enforcement module discovered they were suddenly opted in, and all their data was exposed. Suspicious profiles of suspected criminals landed in their family trees.

Eventually, GEDmatch discovered and revealed the platform suffered two back-to-back breaches. The hackers changed users’ settings and added bogus profiles to the database. Both state police and the F.B.I. are investigating the case, alongside a private digital security firm.

The hackers likely were able to get a hold of personally identifiable information contained in users’ profiles, like email, address, and phone number. Combined with genetic data, there’s also a family trail.

Why You Should Think Twice About Using DNA Services

The GEDmatch breach should serve as a warning to anyone wanting to maintain their privacy. While every website runs the chance of being hacked, DNA sites contain genetic data, which could prove incredibly damaging.

How?

Thanks to advancing detection technology, DNA includes answers about our health. If insurance companies access the data, they could, theoretically, use it to discriminate against people with certain health markers, like so-called “cancer genes” or a family history of Alzheimer’s and other costly degenerative conditions. Same goes for pharmacy companies.

Moreover, every person has to decide whether or not they want law enforcement having access to their DNA sequencing. Though most departments go out of their way to follow proper protocols, a hothead rookie filled with assumptions could do tremendous damage. Innocent people could land behind bars.

All things considered, if you want to avoid intrusive access to your genetic material, it’s smart to avoid DNA sites.